COVENTRY MESSAGE BOARD

[dutchman]

Mozilla has withdrawn the latest version of its Firefox internet browser due to security concerns.



Users who upgraded to version 16 of the web software are advised to use the previous version after a security vulnerability was uncovered post release.

The flaw enables a "malicious" website to track users' online activity, but Mozilla insists that only a small number of computers have been affected.

"At this time we have no indication that this vulnerability is currently being exploited in the wild," said Mozilla security director Michael Coates in a blog post.

"Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available.

"As a precaution, users can downgrade to version 15.0.1 by following these instructions. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability."

Mozilla claims that users were not prompted to install the update automatically, and pledged to deliver a fix at some point today (October 11).

[dutchman]

Mozilla fixes Firefox 16 web browser security flaw

Mozilla has moved to fix a vulnerability in the latest version of its Firefox browser that could have allowed websites to discover what other web pages a user had visited.

After the flaw was discovered this week, version 16 of Firefox was pulled by Mozilla just 24 hours after launch, and users were urged to shift to an older version.

The flaw was said to enable a "malicious" website to track users' online activity, although Mozilla insisted that only a small number of computers were affected.

Mozilla has now addressed the issue in Firefox, which has a 20% share of the global desktop browser market according to NetMarketShare, putting it just behind Microsoft's Internet Explorer.

Users of Firefox are now offered version 16.0.1 of the browser, which does not contain the security flaw.

In a statement issued to the BBC, a Mozilla spokesman said: "We were quick to recognise the security vulnerability of Firefox 16 and took immediate action to temporarily remove the update from the current installer page.

"As a precaution we asked Firefox users to revert back to using Firefox 15.0.1 whilst we worked to fix the problem. Firefox 16 was released with updates completely 'throttled', which meant that users were not automatically updated.

"We take security issues extremely seriously and were able to address the problem with Firefox quickly with limited impact to our users."